{"id":"CVE-2021-21315","details":"The System Information Library for Node.JS (npm package \"systeminformation\") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.","aliases":["GHSA-2m8v-572m-ff2v"],"modified":"2026-04-10T04:29:35.601193Z","published":"2021-02-16T17:15:13.050Z","related":["GHSA-2m8v-572m-ff2v"],"references":[{"type":"WEB","url":"https://www.npmjs.com/package/systeminformation"},{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21315"},{"type":"ADVISORY","url":"https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210312-0007/"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E"},{"type":"FIX","url":"https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/cordova-android","events":[{"introduced":"0"},{"last_affected":"7572fc4912c908adb9b0498959c0eadecbbc9f95"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"10.0.0"}]}},{"type":"GIT","repo":"https://github.com/sebhildebrandt/systeminformation","events":[{"introduced":"0"},{"fixed":"fbb5c2adcddd9e657d25fda8442c0b3de2c62fb0"},{"fixed":"07daa05fb06f24f96297abaa30c2ace8bfd8b525"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.3.1"}]}}],"versions":["0.9.0","0.9.2","0.9.3","0.9.4","0.9.5","0.9.5.1","1.1.0","1.2.0","1.4.0","1.4.0rc1","1.4.1","1.5.0","1.5.0rc1","1.6.0","1.6.0rc1","1.6.1","1.7.0","1.8.0rc1","1.8.1pre","1.9.0","10.0.0","2.0.0","2.0.0rc1","2.1.0","2.1.0rc1","2.1.0rc2","2.2.0","2.2.0rc1","2.4.0","2.4.0rc1","CheckIn_node_modules","StablePoC","rel/10.0.0","rel/StablePoC","v3.42.5","v3.42.6","v3.42.7","v3.42.8","v3.45.8","v3.45.9","v3.48.2","v3.48.3","v3.48.4","v3.51.1","v3.51.2","v3.52.0","v3.52.1","v4.0.12","v4.0.13","v4.0.14","v4.0.15","v4.0.6","v4.0.7","v4.0.9","v4.1.5","v4.1.6","v4.1.7","v4.1.8","v4.11.5","v4.11.6","v4.12.1","v4.12.2","v4.13.1","v4.13.2","v4.14.0","v4.14.10","v4.14.11","v4.14.14","v4.14.15","v4.14.3","v4.14.5","v4.14.6","v4.14.7","v4.14.9","v4.15.0","v4.15.1","v4.16.0","v4.16.1","v4.17.0","v4.17.1","v4.17.2","v4.17.3","v4.18.0","v4.18.1","v4.18.2","v4.18.3","v4.19.0","v4.19.1","v4.19.2","v4.19.3","v4.19.4","v4.2.0","v4.2.1","v4.20.0","v4.20.1","v4.21.0","v4.22.6","v4.22.7","v4.23.0","v4.23.1","v4.23.10","v4.23.2","v4.23.3","v4.23.4","v4.23.5","v4.23.6","v4.23.7","v4.23.8","v4.23.9","v4.24.0","v4.24.1","v4.25.2","v4.26.10","v4.26.11","v4.26.12","v4.26.2","v4.26.3","v4.26.4","v4.26.5","v4.26.6","v4.26.7","v4.26.8","v4.26.9","v4.27.0","v4.27.1","v4.27.10","v4.27.11","v4.27.2","v4.27.3","v4.27.4","v4.27.5","v4.27.6","v4.27.7","v4.27.8","v4.27.9","v4.28.0","v4.28.1","v4.29.0","v4.29.1","v4.29.2","v4.29.3","v4.3.0","v4.30.0","v4.30.1","v4.30.10","v4.30.11","v4.30.2","v4.30.3","v4.30.4","v4.30.5","v4.30.6","v4.30.7","v4.30.8","v4.30.9","v4.31.1","v4.31.2","v4.32.0","v4.33.0","v4.33.1","v4.33.2","v4.33.3","v4.33.4","v4.33.5","v4.33.6","v4.33.7","v4.33.8","v4.34.0","v4.34.1","v4.34.2","v4.34.3","v4.34.4","v4.34.5","v4.34.6","v4.34.7","v4.34.8","v4.34.9","v4.6.1","v4.7.0","v4.7.1","v4.7.2","v4.7.3","v4.8.4","v4.9.0","v5.0.0","v5.0.1","v5.0.10","v5.0.11","v5.0.2","v5.0.3","v5.0.4","v5.0.5","v5.0.6","v5.0.7","v5.0.8","v5.0.9","v5.1.0","v5.1.1","v5.1.2","v5.2.0","v5.2.1","v5.2.2","v5.2.3","v5.2.4","v5.2.5","v5.2.6","v5.2.7","v5.3.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21315.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}